POODLE SSLv3 vulnerability - using ADMX to turn off SSLv3?

nec10
Posts: 2
Joined: Wed Jul 18, 2012 3:03 am

Postby nec10 » Thu Oct 16, 2014 2:36 am

We need to shut off SSLv3 support in Frontmotion Firefox using group policy.

As far as I can see, the supplied ADMX files only list the deprecated setting "security.enable_ssl3".

The correct setting to use in modern Firefox is "security.tls.version.min" - are there any plans to release newer ADMX files which cover this?

In the short term - how can we use group policy to turn off SSLv3 support in Frontmotion Firefox?

Thanks,

Nick Cole
UIS - MIS
University of Cambridge

trockenasche
Posts: 26
Joined: Tue Nov 22, 2011 11:46 am

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Postby trockenasche » Tue Oct 21, 2014 9:46 am

I made my own firefox.admx file beside the mozilla.admx file.
It contains the following:

<policy name="SECURITY_TLS_VERSION_MIN" class="Machine"
        displayName="$(string.SECURITY_TLS_VERSION_MIN)"
        explainText="$(string.SECURITY_TLS_VERSION_MIN_Help)"
        presentation="$(presentation.SECURITY_TLS_VERSION_MIN)"
        key="Software\Policies\Mozilla\lockPref">
  <parentCategory ref="FIREFOX" />
  <supportedOn ref="windows:SUPPORTED_ProductOnly" />
  <elements>
    <decimal id="SECURITY_TLS_VERSION_MIN" key="Software\Policies\Mozilla\lockPref" valueName="security.tls.version.min" />
  </elements>
</policy>


and the adml file contains the following:

<string id="SECURITY_TLS_VERSION_MIN">security.tls.version.min</string>
<string id="SECURITY_TLS_VERSION_MIN_Help">with the value 1 it's forcing minimum version tls 1.0 </string>

<presentation id="SECURITY_TLS_VERSION_MIN">
  <decimalTextBox refId="SECURITY_TLS_VERSION_MIN">Value:</decimalTextBox>
</presentation>
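
Added example, not part of the thread and not FrontMotion's own tooling: a PowerShell check that the machine policy defined by the ADMX above has actually reached the registry and refuses SSLv3. The function name Test-FirefoxTlsMinPolicy is hypothetical; the key path and value name are the ones in the ADMX, and the code assumes the value is stored as a REG_DWORD (the ADMX default for a decimal element) while also accepting a numeric string.

```powershell
# Added example: audit the lockPref value written by the custom ADMX policy.
# Assumption: HKLM is the right hive because the policy is class="Machine".
function Test-FirefoxTlsMinPolicy {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\Software\Policies\Mozilla\lockPref',
        [int]$RequiredMin = 1   # 1 = TLS 1.0 minimum, so SSLv3 is refused
    )
    $valueName = 'security.tls.version.min'
    # Firefox meaning of the pref: 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2
    $protocols = @{ 0 = 'SSL 3.0'; 1 = 'TLS 1.0'; 2 = 'TLS 1.1'; 3 = 'TLS 1.2' }

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME; Present = $false; Value = $null
        Protocol = $null; Compliant = $false; Detail = ''
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        # GPO not applied, or the ADMX writes to a different key than expected
        $result.Detail = "Policy key not found: $KeyPath"
    }
    elseif ($key.GetValueNames() -notcontains $valueName) {
        $result.Detail = "$valueName is not set by policy"
    }
    else {
        $raw  = $key.GetValue($valueName)
        $kind = $key.GetValueKind($valueName)
        $result.Present = $true
        $parsed = 0
        if ([int]::TryParse([string]$raw, [ref]$parsed)) {
            $result.Value     = $parsed
            $result.Protocol  = $protocols[$parsed]
            $result.Compliant = ($parsed -ge $RequiredMin)
            $result.Detail    = "Stored as $kind"
        }
        else {
            $result.Detail = "Unparseable value '$raw' ($kind)"
        }
    }
    [pscustomobject]$result
}

# Run against the local machine; Compliant is $false when the value is missing or 0.
Test-FirefoxTlsMinPolicy
```

Run it after gpupdate on a client in scope of the GPO; a missing key and a value of 0 both report Compliant = False, which separates "policy never arrived" from "policy arrived but still allows SSL 3.0" through the Detail and Value fields.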

jab_au
Posts: 21
Joined: Thu Nov 29, 2007 4:57 am
Location: New South Wales, Australia

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Postby jab_au » Thu Oct 23, 2014 8:24 pm

In the classic mozilla.adm file I found an entry called security.enable_ssl3 and set this to disabled.

trockenasche
Posts: 26
Joined: Tue Nov 22, 2011 11:46 am

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Postby trockenasche » Fri Oct 24, 2014 4:56 am

Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to set security.tls.version.min = 1

Zylo
Posts: 1
Joined: Thu Feb 11, 2016 5:51 am

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Postby Zylo » Fri Feb 12, 2016 5:46 am

trockenasche wrote: Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to set security.tls.version.min = 1


Would I still need to do this in the latest version of Firefox?
